libproxy 'px_pac_reload' Function Stack-Based Buffer Overflow Vulnerability

Vulnerability ID: 1170567
Vulnerability type: Buffer overflow
Published: 2012-10-12
Updated: 2012-11-15
CVE ID: CVE-2012-4505
CNNVD-ID: CNNVD-201210-427
Platform: N/A
CVSS score: 10.0
|Vulnerability source
https://www.securityfocus.com/bid/55910
https://cxsecurity.com/issue/WLB-2012100115
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201210-427
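|Vulnerability details
libproxy is a library that provides automatic proxy configuration management. A stack-based buffer overflow exists in the 'px_pac_reload' function in lib/pac.c in libproxy 0.2.x and 0.3.x. A remote attacker can exploit it, with unspecified impact, by supplying a crafted Content-Length size in the HTTP response header for a proxy.pac file request.
|Vulnerability EXP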
libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:

http://code.google.com/p/libproxy/source/detail?r=853
https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504

Upstream announcement also mentions another issue - CVE-2012-4505.  It
is a related, but different problem that was found in pre-0.4 versions
while investigating if they were affected by CVE-2012-4504.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
|Affected products
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubun
|References

Source: groups.google.com
Link: https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=864612
Source: BID
Name: 55910
Link: http://www.securityfocus.com/bid/55910
Source: MLIST
Name: [oss-security] 20121016 Re: libproxy PAC downloading buffer overflows
Link: http://www.openwall.com/lists/oss-security/2012/10/16/3
Source: MLIST
Name: [oss-security] 20121012 Re: libproxy PAC downloading buffer overflows
Link: http://www.openwall.com/lists/oss-security/2012/10/12/5
Source: MLIST
Name: [oss-security] 20121012 libproxy PAC downloading buffer overflows
Link: http://www.openwall.com/lists/oss-security/2012/10/12/1
Source: DEBIAN
Name: DSA-2571
Link: http://www.debian.org/security/2012/dsa-2571
Source: SECUNIA
Name: 51180
Link: http://secunia.com/advisories/51180
Source: SECUNIA
Name: 51048
Link: http://secunia.com/advisories/51048
Source: SUSE
Name: openSUSE-SU-2012:1375
Link: http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html